Dear All,
I have working code that talks to the App Attest receipt refresh API using JWT authorization. I'm now trying to talk to the App Store Connect API, and I'm trying to use essentially the same code for the JWT generation - but it doesn't work.
It's frustrating that the API just returns a non-specific 401 "Not Authorized" response, without giving any further clue about what's wrong.
I am creating a JWT as follows for App Store Connect; yes I'm aware that the required fields are slightly different for the two APIs:
header = {"alg":"ES256","kid":"12345YZSX8","typ":"JWT"}
payload = {"iss":"1234567-1234-1234-1234-123456789012","iat":1687379230,"exp":1687379530,"aud":"appstoreconnect-v1"}
Using the resulting encoded token, with my own code or with curl, fails with a 401 error:
Status: 401
{
  "errors": [{
    "status": "401",
    "code": "NOT_AUTHORIZED",
    "title": "Authentication credentials are missing or invalid.",
    "detail": "Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens"
  }]
}
Doing essentially the same thing, with the slightly different JSON fields and a different .p8 key file, does work with the App Attest API - so I'm probably not creating complete garbage.
I've wasted hours on this now. Does anyone have any debugging hints?
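Since the 401 does not say which part of the token was rejected, the token can be checked locally before it is sent. The following is an added example, not part of the original post and not Apple's code: it decodes the token and checks the header and claims shown above, Apple's documented 20-minute limit on `exp`, and the 64-byte raw R||S signature form that RFC 7518 requires for ES256. It does not verify the signature; `lint_asc_jwt` and `make_sample` are hypothetical names, and the sample token is constructed from the post's values with a filler signature.

```python
import base64
import json

def b64url_decode(seg):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def lint_asc_jwt(token, now):
    """Return a list of structural problems. Does NOT verify the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["token must have exactly 3 dot-separated segments"]
    try:
        header = json.loads(b64url_decode(parts[0]))
        payload = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return [f"segment is not valid base64url/JSON: {exc}"]
    problems = []
    if header.get("alg") != "ES256":
        problems.append("header alg must be ES256")
    if not header.get("kid"):
        problems.append("header kid (key ID) is missing")
    if payload.get("aud") != "appstoreconnect-v1":
        problems.append("aud must be appstoreconnect-v1")
    if not payload.get("iss"):
        problems.append("iss (issuer ID) is missing")
    exp = payload.get("exp")
    if not isinstance(exp, int):
        problems.append("exp must be an integer Unix timestamp in seconds")
    elif exp <= now:
        problems.append("token already expired")
    elif exp - now > 1200:
        problems.append("exp is more than 20 minutes in the future")
    if len(sig) != 64:
        kind = "looks DER-encoded" if sig[:1] == b"\x30" else "unexpected length"
        problems.append(f"signature is {len(sig)} bytes ({kind}); ES256 needs raw 64-byte R||S")
    return problems

def make_sample(sig):
    # Constructed token: header and payload copied from the post, signature is filler.
    header = {"alg": "ES256", "kid": "12345YZSX8", "typ": "JWT"}
    payload = {"iss": "1234567-1234-1234-1234-123456789012", "iat": 1687379230,
               "exp": 1687379530, "aud": "appstoreconnect-v1"}
    enc = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    return f"{enc(header)}.{enc(payload)}.{b64url_encode(sig)}"
```

Run `lint_asc_jwt` on the exact string placed in the `Authorization: Bearer` header, with `now` set to the current Unix time on the machine that generated the token.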